Amazon EC2 Quickstart-3.2

From Univention Wiki

Univention Corporate Server (UCS) is a Debian GNU/Linux-based server operating system with an integrated management system for the central administration of servers, services, clients, desktops and users. This quickstart guide offers an introduction on how to start and run Univention Corporate Server in Amazon EC2.

Preparation

Univention provides and maintains a public Amazon Machine Image (AMI) in Amazon EC2. The only preparation needed is an account at Amazon Web Services that can simply be registered.

Create an instance

Log into the AWS management console with your account and open the EC2 console dashboard.

Click Launch Instance to open the wizard to create a virtual machine.

Select the Community AMIs tab, search for Univention Corporate Server and click Select.

Now the instance type must be chosen. The selection depends on the intended purpose of the AMI. Once done, click Next: Configure Instance Details

The next dialogue allows the configuration of various machine properties, e.g. where to launch the instance, in EC2 or a Virtual Private Cloud (VPC). See the info buttons for more information. If you intend to set up an environment consisting of several UCS instances, it is recommended to use VPC, since it allows a static assignment of IP addresses. If the instances are operated in EC2 only, their IP addresses change after every shutdown. Once done, click Next: Add Storage

Enter the storage device configuration settings. These options can be left with their default settings. Now click Next: Tag Instance

Tags may be entered to simplify the administration of the EC2 instances, e.g. by assigning an owner. Now click Next: Configure Security Group.

In the configuration of security groups, at least HTTP/S and SSH must be allowed. Please make sure that the security group is set up properly for network communication, e.g. allow ICMP ping and communication through the ports listed in SDB #1018.

Now click Review and launch, which presents an overview of the instance. If everything is correct, select Launch.

A public/private key pair is necessary to connect to the instance via SSH. You can either choose an existing or create a new public/private key pair. You cannot proceed without a key pair. A newly created key pair should be downloaded directly and saved locally. See Amazon Elastic Compute Cloud: Getting an SSH Key Pair. Continue with Launch Instances. The start of the instance will take a moment.
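
A check for the security group step above, as an added example that is not part of the Univention guide: it reads rules in the JSON shape returned by `aws ec2 describe-security-groups`, reports which of the services the guide requires (SSH, HTTP/S, ICMP) are not allowed, and flags SSH reachable from any source address. The sample group and its ID are constructed; the ports from SDB #1018 are not on this page and are not checked.

```python
import ipaddress
import json

# Constructed sample in the shape returned by
# `aws ec2 describe-security-groups` (not taken from a real account).
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}
]}]}
""")

# Services the quickstart says must be reachable: HTTP/S and SSH.
REQUIRED_TCP = {"ssh": 22, "http": 80, "https": 443}

def covers_tcp(rule, port):
    """True if an ingress rule admits the given TCP port."""
    if rule["IpProtocol"] == "-1":          # "-1" means all protocols and ports
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule["FromPort"] <= port <= rule["ToPort"])

def is_world(rule):
    """True if any IPv4/IPv6 source range is the whole Internet (prefix /0)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def audit(group):
    """Return (missing required services, findings) for one security group."""
    rules = group.get("IpPermissions", [])
    missing = [name for name, port in REQUIRED_TCP.items()
               if not any(covers_tcp(r, port) for r in rules)]
    if not any(r["IpProtocol"] in ("icmp", "-1") for r in rules):
        missing.append("icmp")
    findings = []
    for r in rules:
        if is_world(r) and covers_tcp(r, 22):
            findings.append("SSH (22/tcp) open to any source; restrict to admin CIDR")
        if is_world(r) and r["IpProtocol"] == "-1":
            findings.append("all protocols open to any source")
    return missing, findings

if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        print(sg["GroupId"], audit(sg))
```

To audit a real group, feed `audit()` each entry of the `SecurityGroups` list from the CLI's JSON output instead of the constructed sample.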

Connect to and configure the Instance

After the instance has been created, Univention Corporate Server needs to be configured:

To connect to the created instance, select it with the blue selection item and click Connect.

An information window appears showing the SSH command to open an SSH connection to the instance. Use the example ssh command to connect to the instance, but use root as the username. If you're queried for a password, this usually means that you need to tighten the permissions of the SSH key. This is also explained in the dialogue.

The first login via SSH shows a welcome message and asks the user to set the root password. To do so, enter the following command and type the password twice.

passwd root

Now open the UCS management system in a web browser. The URL is provided in the welcome message presented in the SSH login. The SSL certificate may have to be accepted manually in the web browser. Log in with the user root and the password configured above.

Now the UCS image can be customised with a wizard. The first thing to select is the system role. A master domain controller is always the first system of a UCS domain. More information about the system roles can be found in the UCS manual.

Now the locales and timezone settings are configured. The keyboard layout only applies to logins to the local desktop.

The following dialogue configures the fully qualified domain name (FQDN), the LDAP base, Windows domain name (NetBIOS) and the root password. The LDAP base and the NetBIOS domain name are automatically suggested based on the FQDN, but can be customised. The root password replaces the initial root password configured earlier. It is also the initial password for the Administrator user.

Now the network can be configured. Amazon provides all necessary network settings via DHCP. The network settings can be left with the default values provided.

Every UCS domain provides its own certificate authority (CA). It can be configured in the following dialogue.

The following dialogue selects the software for the virtual instance. Additional information can be found in the UCS manual.

After clicking Apply changes, all selected settings are configured and the system start proceeds.

You can now log into the UCS management system. Use the user Administrator and the password selected as the root password in the wizard.